Do you need a degree for working in cybersecurity?

I have been looking into the field of cybersecurity as a career path, and because I'm still a high school student I was wondering if I'd need a degree to work as a penetration tester, for example, or if there are more important qualifications or alternatives.

Comments

  • Elitis S+ Pentest+ CCENT CCNA eJPT eCPPT OSCP Member Posts: 50
    You can generally get by in Cybersecurity and IT without a degree up until you're about to hit management. And by "get by", I mean spend a few years working your way up the food chain. That said, a lot of people usually get into Cybersecurity after some time in IT. I've heard of people going straight into it by utilizing internships while in school, so that may be a path available as well. As for Pentesting, there are very few exceptions here (and for good reason). The most typical path is usually a few years of IT (including Help Desk) and then a few years doing blue team work. You may be able to go from IT (beyond help desk) directly into a pentesting role, but this isn't extremely common.
  • JDMurray MSIT InfoSec, CISSP, SSCP, GSEC, EnCE, C|EH, CySA+, PenTest+, CASP+, Security+ Surf City, USA Admin Posts: 12,259 Admin
    edited January 21
    Pentesting is one of the InfoSec fields where you are often looked down upon by other pentesters if you have degrees or certs. You find a lot of very smart, creative, and obsessive people who can't hack academics being attracted to pentesting and forming mainstream-education-hating cliques. You see these people en masse at security conferences like DEF CON. They value what you can say and do and have achieved over what paper you have hanging on your cubicle wall. You just need to hope the managers that hire pentesters think the same way. ;)
  • TechGromit GSEC, GCIH, GREM, Ontario, NY Member Posts: 2,042
    edited January 21
    In my opinion some good Certifications will get you a lot more mileage than a four-year degree. College tuition at a 4 year in-state public college is around 11k a year, that's 44k over four years. At this time, each SANS course and certification is $7,800. So say if you had a GCIH, GPEN and GXPN, the cost would be $23,400. I say that would get you a lot more attention on a resume than a college degree with no certifications. (Assuming no experience for both candidates). In theory you could obtain all three certifications in under a year. Also note that a GXPN is a 600 level course, very difficult exam to pass.
    Still searching for the corner in a round room.
  • Elitis S+ Pentest+ CCENT CCNA eJPT eCPPT OSCP Member Posts: 50
    JDMurray said:
    Pentesting is one of the InfoSec fields where you are often looked down upon by other pentesters if you have degrees or certs. You find a lot of very smart, creative, and obsessive people who can't hack academics being attracted to pentesting and forming mainstream-education-hating cliques. You see these people en masse at security conferences like DEF CON. They value what you can say and do and have achieved over what paper you have hanging on your cubicle wall. You just need to hope the managers that hire pentesters think the same way. ;)
    Note to self: go to def con before (maybe) getting a degree. 
  • changlinn Member Member Posts: 40
    Second what TechGromit said. I am a hiring manager, and have hired plenty of Analysts, admins and recently a penetration tester. The pentester did have a degree, but that wasn't the reason he got the job; it was his OSCP, and active research and extra-curricular training. Most of the Analysts I've hired had degrees, but then again they also had other demonstrated experience and hobbies. I hired internally an analyst recently with no degree, and very little professional experience, but as he was internal we knew about him entering CTFs and the lab he had at home. The problem is often getting past HR or recruiters. For this more often than not, certs are enough except for management and exec levels.
    I also had a couple of interns from Masters programs around the place, almost all of them haven't been as good as the recent analyst with no degree.

    A+, C|EH, CISSP, CISM, CRISC, GSTRT, MCSA:Messaging, MCSE:Security
    "Brain does not meet certification requirements, please install more certifications" Me
    Currently Studying: Cyber Security masters and ISC2 CCSP.
    Security blog; http://security.morganstorey.com
  • YarB Germany Member Posts: 11
    Actually, there are many experienced specialists without a degree in the IT-sphere, but they just get weeded out during the application process. It's a competition. Why would a manager hire a person who didn’t bother to go to college when other applicants did? That's why a lot of young inexperienced people work for big companies and get a good salary. This is how it works. If you have the possibility to receive the diploma, it is better to do this. But it's only my opinion. 
  • E Double U Member Posts: 1,878
    I have been in Information Security since 2012 and every org I have worked for listed a bachelor's as a minimum in the requirements. Not that you need a degree to actually do the job though :-)
    Alphabet soup from (ISC)2, ISACA, GIAC, EC-Council, Microsoft, ITIL, Cisco, Scrum, and more.

    2021 goals: AZ-303, AZ-304, maybe TOGAF and more ISACA

    "You tried your best and you failed miserably. The lesson is, never try." - Homer Simpson
  • gmbseoxx Member Posts: 2
    A bachelor's degree in engineering or computer science is required for employment as a security engineer.
  • beads Senior Member Member Posts: 1,520
    We just hired a new pentester for less than $40,000 with certs and education. This person gets to push prewritten scripts all day. Hardly exciting work.

    As for the degree and Information Security, cyber being but a small part of security as a whole. You will spend more and more time doing research, writing papers, presentations and memos than just skill based technology. Skills are important but the soft skills: communicating, writing, persuasion, risk analysis and other business skills are also becoming more and more critical to business. This is where a degree is far more important in the long run than certs. Sorry cert lovers but certification doesn't mean what it used to say 10 years ago when I first started an account on the original TechExams board. Today, we can safely say too many exams are dumped or hacked to strictly be taken seriously.

    Management in IT is a dying role as well. I see fewer 'managers' but lots of team lead roles reporting to Director level positions. My current consultation has zero managers with everyone, some 450 people, reporting to one director. I see this as being much more common in the future.

    In the long run, get your degree or work an entry level job the rest of your career.